info --file="%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."
Thanks for the report. I'll fix it as soon as I can, unless someone
else here can provide a patch. One expedient fix (worked for me anyway)
is included below and is in Texinfo CVS now. I think a better fix would
be to double any % characters in filename in the filesys_error_string
function, which I'll try to get to soon. (The best fix would be to
implement error handling completely differently, but I can't undertake
that.)
I'm just as happy you didn't send a fully-working exploit to make things
easy for the crackers.
Best,
Karl
--- info.c.~1.21.~ 2007-09-21 15:49:26.000000000 -0700
+++ info.c 2007-11-16 15:37:54.000000000 -0800
@@ -570,3 +570,6 @@
fprintf (stderr, "%s: ", program_name);
- fprintf (stderr, format, arg1, arg2);
+ if (arg1)
+ fprintf (stderr, format, arg1, arg2);
+ else
+ fputs (format, stderr);
fprintf (stderr, "\n");
